rename privsep-main to privileged-main

1 files changed, 50 insertions, 0 deletions

diff --git a/privileged-main.lua b/privileged-main.lua
new file mode 100644
index 0000000..8fe447c
--- /dev/null
+++ b/privileged-main.lua
@@ -0,0 +1,50 @@
+modname = ...
+
+if not modname then
+	modname = "session"
+end
+
+json = require("json")
+
+
+function ret_error(errmsg)
+	io.write(json.encode({false, errmsg, nil}).."\n")
+	os.exit(0)
+end
+
+function ret_success(result)
+	io.write(json.encode({true, "success", result}).."\n")
+end
+
+-- path must be absolute for production so users cannot load scripts from
+-- non secured dirs
+modules_path = "./modules/"
+
+if not modname then
+	return 1
+end
+
+-- make sure we dont have any path elements in modname so we cannot pass
+-- modnames like '../myevilmod'
+mfile = modules_path..string.gsub(modname, ".*/", "")..".lua"
+
+-- load the module
+m = dofile(mfile)
+
+-- read args from stdin
+request = json.decode(io.read("*a"))
+funcname, sessionid, args = unpack(request)
+
+--ret_error(funcname)
+-- check that the func we want exists
+if type(m[funcname]) ~= "function" then
+	ret_error(funcname..": not a function")
+end
+
+-- TODO: check permissions here
+
+-- execute the func and pack the return values into a table
+result = { m[funcname](unpack(args)) }
+
+ret_success(result)
+